Candidate: CVE-2019-12816
PublicDate: 2019-06-15 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816
Description:
 Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin
 users to escalate privileges and execute arbitrary code by loading a module
 with a crafted name.
Ubuntu-Description:
 It was discovered that ZNC incorrectly handled loading modules.
 A non-admin user could possibly use this to escalate privileges or
 execute arbitry code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_znc:
 upstream: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
upstream_znc: released (1.7.2-3)
precise/esm_znc: DNE
trusty_znc: ignored (out of standard support)
trusty/esm_znc: DNE
xenial_znc: released (1.6.3-1ubuntu0.2)
bionic_znc: released (1.6.6-1ubuntu0.2)
cosmic_znc: released (1.7.1-2ubuntu0.2)
disco_znc: released (1.7.2-2ubuntu0.1)
devel_znc: released (1.7.2-3)